Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Authentication method and apparatus for detecting and preventing source address spoofing packets

a source address and authentication method technology, applied in the direction of unauthorized memory use protection, instruments, data switching details, etc., can solve the problem of distributed denial of service (ddos) attack, still attack of ddos by source address spoofing packets, and very vulnerable security of the internet based on the current transmission control protocol/internet protocol (tcp/ip), etc., to achieve the effect of enhancing stability

Active Publication Date: 2015-02-24
ELECTRONICS & TELECOMM RES INST
View PDF9 Cites 219 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Benefits of technology

[0008]Further, the present invention provides an authentication method and apparatus for detecting and preventing a source address spoofing packet, which are capable of basically detecting whether a source address of a packet is spoofed by a network layer and forwarding only a packet having a normal source address in a router.
[0021]In the system for verifying a source address for detecting and preventing a source address spoofing packet in accordance with the present invention, a network layer fundamentally detects a source address spoofing packet and a router forwards only a packet having a normal source address, thereby fundamentally defending against a malicious attack such as DDoS or the like.
[0022]That is, a source of a packet may be verified by using a self-assurance type ID by which a transmitter may assure a receiver that the transmitter has a proper address without intervention or help of a third party, and a network layer fundamentally detects whether a source address of a packet has been spoofed to allow a router to forward only a packet having a normal source address, thereby fundamentally defending against a malicious attack such as DDoS or the like.
[0023]Further, the system in accordance with the present invention may enhance stability by using a second hash value even when a length of a self-assurance type ID is shorter than a length of a hash function, in generating the self-assurance type ID.

Problems solved by technology

In general, the Internet based on the current transmission control protocol / Internet protocol (TCP / IP) is very vulnerable to security when a malicious user arbitrarily changes a source and a destination.
In particular, a basic cause of a distributed denial of service (DDoS) attack lies in distribution of a packet whose source address is changed.
However, in spite of the various conventional methods for detecting source address spoofing packets, an attack of DDoS by source address spoofing packets is still made.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Authentication method and apparatus for detecting and preventing source address spoofing packets
  • Authentication method and apparatus for detecting and preventing source address spoofing packets
  • Authentication method and apparatus for detecting and preventing source address spoofing packets

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0030]Embodiments of the present invention will be described herein, including the best mode known to the inventors for carrying out the invention. Variations of those embodiments may become apparent to those of ordinary skill in the art upon reading the foregoing description. The inventors expect skilled artisans to employ such variations as appropriate, and the inventors intend for the invention to be practiced otherwise than as specifically described herein. Accordingly, this invention includes all modifications and equivalents of the subject matter recited in the claims appended hereto as permitted by applicable law. Moreover, any combination of the above-described elements in all possible variations thereof is encompassed by the invention unless otherwise indicated herein or otherwise clearly contradicted by context.

[0031]In the following description of the present invention, if the detailed description of the already known structure and operation may confuse the subject matter...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

An authentication apparatus for detecting and preventing a source address spoofing packet, includes a packet reception unit configured to receive a packet from a previous node or a user host; a self-assurance type ID generation unit configured to generate a self-assurance type ID of a source node of the received packet; and a self-assurance type ID verification unit configured to determine whether the source address of the received packet has been spoofed. Further, the authentication apparatus includes a white list storage unit configured to store a reliable source node; a black list storage unit configured to store an unreliable source node; and a packet transmission unit configured to transmit the packet whose source has been verified through the self-assurance type ID verification unit to a next network node.

Description

CROSS-REFERENCE TO RELATED APPLICATION(S)[0001]The present invention claims priority of Korean Patent Application No. 10-2011-0132070, filed on Dec. 9, 2011, which is incorporated herein by reference.FIELD OF THE INVENTION[0002]The present invention relates to detection and prevention of an address spoofing packet; and more particularly, to an authentication method and apparatus for detecting and preventing a source address spoofing packet which are capable of basically defending against a malicious attack such as a distributed denial of service denial (DDoS).BACKGROUND OF THE INVENTION[0003]In general, the Internet based on the current transmission control protocol / Internet protocol (TCP / IP) is very vulnerable to security when a malicious user arbitrarily changes a source and a destination. In particular, a basic cause of a distributed denial of service (DDoS) attack lies in distribution of a packet whose source address is changed.[0004]Thus, various countermeasure methods for dete...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(United States)
IPC IPC(8): G06F9/00H04L29/06
CPCH04L63/1408H04L63/0823H04L63/101H04L63/1458H04L2463/146H04L12/22H04L9/32
Inventor LEE, SANG-WOOSEO, DONG IL
Owner ELECTRONICS & TELECOMM RES INST
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com